About the Threat Intelligence Page
To access this page, select Administration > Insights Management > Threat Intelligence.
Look up indicators of compromise with your trusted threat intelligence providers to confirm whether a reported event is malicious. Indicators of compromise include IP addresses, URLs, and file hashes observed in the log data. Whether an indicator is considered malicious depends on the available knowledge about the threat intelligence provider’s output.
Security Director Insights supports the following threat intelligence sources:
Source | Data |
---|---|
IBM X-Force | IP lookup and file hash |
VirusTotal | File hash and URL lookup |
Opswat | File hash, URL lookup, and IP lookup |
Tasks You Can Perform
You can perform the following tasks from the Threat Intelligence page:
Configure a threat intelligence source. See Configure Threat Intelligence Source.
Edit and delete an existing threat intelligence source. See Edit and Delete Threat Intelligence Source.
Click Test to test the validity of the API key and check whether the Security Director VM can reach a threat intelligence source.
Field Descriptions
Table 1 provides guidelines on using the fields on the Threat Intelligence page.
Table 1: Fields on the Threat Intelligence Page
Field | Description |
---|---|
Source | Specifies the threat intelligence source. |
Description | Specifies the corresponding API details configured for the threat intelligence source. |